Authorization code grant type of oAuth2

I am trying to implement the Resource Owner part of oAuth2 (Authorization code grant type). While going through the oAuth2 specification, I found the following text about the initial client request for authorization:

"The client directs the resource owner to the constructed URI using an HTTP redirection response, or by other means available to it via the user-agent."

I am a bit confused about the "HTTP redirection response" part. Can anyone explain a scenario in which the client uses an HTTP redirection response for directing the resource owner to the authorization endpoint?


Imagine a user (Resource Owner) wants to access a resource (Resource Server) through an application (Client). The user sends an HTTP request with a web browser to execute an operation on the application. The access to the resource cannot be authorized because the HTTP request contains no Access Token in the Authorization Header. In that case, the application redirects the user to the Authorization Server instead of responding with an error message. By providing login credentials to the Authorization Server, the user can initiate the Authorization Request.
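
The redirect described above, as an added example that is not part of the original posts: a client builds the authorization request URI (`response_type=code` plus a per-session `state`), returns it in a 302 response, and later checks `state` when the authorization server redirects back. The endpoint URL, client id, redirect URI and the dict used as a session are assumed placeholder values.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed (constructed) values; a real client receives these at registration.
AUTHORIZATION_ENDPOINT = "https://auth.example.com/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://client.example.org/callback"


def build_authorization_redirect(session, scope="profile"):
    """Return (status, headers) for the HTTP redirection response that sends
    the resource owner's user-agent to the authorization endpoint."""
    # state ties the authorization request to this browser session (CSRF defence)
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    query = urlencode({
        "response_type": "code",  # selects the authorization code grant
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,
    })
    return 302, {"Location": f"{AUTHORIZATION_ENDPOINT}?{query}",
                 "Cache-Control": "no-store"}


def handle_callback(session, callback_url):
    """Validate the redirect back from the authorization server and return
    the authorization code; raise ValueError on any mismatch or error."""
    params = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: replays fail
    received = params.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(),
                                               received.encode()):
        raise ValueError("state mismatch: response not tied to this session")
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in response")
    return code
```

The returned code is then exchanged at the token endpoint from the client's back end, so the access token itself never passes through the browser redirect.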
